CISCO-CVE-2025-20154

HIGH8.6

Cisco IOS, IOS XE and IOS XR Software TWAMP Denial of Service Vulnerability

Published May 7, 2025

Modified 10 months ago

Affected Packages

Cisco IOS

CiscoIOS

Affected versions:

12.2(58)EX12.2(58)EZ12.2(6)I112.2(60)EZ12.2(60)EZ112.2(60)EZ1012.2(60)EZ1112.2(60)EZ1212.2(60)EZ1312.2(60)EZ14+605 more

Cisco IOS XE

CiscoIOSXE

Affected versions:

16.1.116.1.216.1.316.10.116.10.1a16.10.1b16.10.1c16.10.1d16.10.1e16.10.1f+458 more

Cisco IOS XR

CiscoIOSXR

Affected versions:

24.1.124.1.224.2.124.2.1124.2.224.2.2024.3.16.5.16.5.156.5.2+82 more

CVSS Analysis

CVSS v3.1

8.6

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

ChangedS:C

Impact

Confidentiality

NoneC:N

Integrity

NoneI:N

Availability

HighA:H

8.6/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Upstream

Ecosystems

Timeline

PublishedMay 7, 2025

ModifiedMay 7, 2025